[Full-Disclosure] TFTPD32 Long FileName Remote Denial of Service

TFTPD32 Long FileName Remote Denial of Service By Sowhat 12.JAN.2005 http://secway.org/advisory/ad20050108.txt Product Affected: TFTPD 2.74 and prior Impact: Low 1 Introduction TFTPD32 is a bundle including a full featured TFTP server, a TFTP client, a DHCP server and a Syslog server. TFTPD32 is...

CVE-2004-1170

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename...

CVE-2004-1232

Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename...

CVE-2004-1273

Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename...

DEBIAN-CVE-2004-1170

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename...

[Full-Disclosure] WinHKI - LHA File Incorrect Filename Handeling Leads to Crash/Underflow

Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: LHA File Incorrect Filename Handeling Leads to Crash/Underflow Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

[Full-Disclosure] WinHKI - LHA File Incorrect Filename Handeling Leads to Crash/Underflow

Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: LHA File Incorrect Filename Handeling Leads to Crash/Underflow Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

[Full-Disclosure] WinHKI BH File Incorrect Filename Handeling Leads to 100 CPU%

Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: BH File Incorrect Filename Handeling Leads to 100 CPU Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

Mozilla, Firefox, Thunderbird: Various vulnerabilities

Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow ...

Microsoft Internet Explorer directory traversal

.. in filename is not checked...

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...

CVE-2004-2384

NullSoft Winamp 5.02 allows remote attackers to cause a denial of service crash by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line...

CVE-2004-1408

The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files...

CVE-2004-1411

Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service infinite loop via a message that contains an image whose filename does not start with restricted characters...

DEBIAN-CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...

PT-2004-2917 · Oscommerce · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce version 2.2 Description: A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. dot dot in the filename argument of the file manager.php script. Recommendations: For osCommerce versi...

SHOUTCast format string bug

Format string bug in filename...

CVE-2001-1413

Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries such as FTP server, may allow remote attackers to execute arbitrary code via a long filename argument...

CVE-2004-1254

WinRAR 3.40 (and possibly earlier) is affected by a vulnerability in ZIP handling where a file with a long filename can trigger an integer overflow that leads to a buffer overflow, allowing remote attackers to execute arbitrary code. Impact is remote code execution with full system control as ind...